Get supported authentication methods (IMAP, POP3, SMTP)

Not all servers support all authentication methods. It is sometimes good to know which methods are supported and which are not. This post explains how to get supported authentication methods supported by the email server in .NET.

It is very common for email servers to support different authentication methods for plain text connections and different methods for SSL (ConnectSSL) or TLS (StartTLS, STLS) secured sessions.

Even though protocol commands and responses are different between server types (IMAP, POP3, and SMTP), API is very similar. We take great care to make it similar for all protocols (IMAP, POP3, SMTP). You can use SupportedAuthenticationMethods on Imap, Pop3 or Smtp class to retrieve all authentication methods supported by the server.

' VB.NET
Using client As New Imap()
client.Connect("imap.example.org") ' or ConnectSSL for SSL
client.UseBestLogin("user", "password")
Console.WriteLine("Supported methods:")
For Each method As ImapAuthenticationMethod In client.SupportedAuthenticationMethods()
Console.WriteLine(method.Name)
Next
Console.WriteLine("Supports CramMD5:")
Dim supportsCramMD5 As Boolean = client.SupportedAuthenticationMethods() _
.Contains(ImapAuthenticationMethod.CramMD5)
Console.WriteLine(supportsCramMD5)
client.Close()
End Using

For example Gmail produces following output:

Supported methods:
XOAUTH
XOAUTH2
Supports CramMD5:
False

As you can see this list is not entirely accurate as LOGIN command is supported by Google.

The current IMAP protocol specification requires the implementation of the LOGIN command which uses clear-text passwords.

Please also note that although LOGIN command send user and password in clear text, Gmail requires clients to use SSL (To connect you must use ConnectSSL method). This means that entire communication channel is secured using SSL (in the same way https is) and it is impossible to eavesdrop the password.

LOGINDISABLED

The current IMAP protocol specification requires the implementation of the LOGIN command which uses clear-text passwords.

Many sites may choose to disable this command unless encryption is active (ConnectSSL or StartTLS) for security reasons.

An IMAP server, especially the one that allows connecting without SSL, MAY advertise that the LOGIN command is disabled by including the LOGINDISABLED capability in the capability response.

' VB.NET
Using client As New Pop3()
client.Connect("pop3.example.org") ' or ConnectSSL for SSL
client.UseBestLogin("user", "password")
Console.WriteLine("Supported methods:")
For Each method As Pop3AuthenticationMethod In client.SupportedAuthenticationMethods()
Console.WriteLine(method.Name)
Next
Console.WriteLine("Supports CramMD5:")
Dim supportsCramMD5 As Boolean = client.SupportedAuthenticationMethods() _
.Contains(Pop3AuthenticationMethod.CramMD5)
Console.WriteLine(supportsCramMD5)
client.Close()
End Using

In most cases UseBestLogin method is going to chose appropriate authentication method for you and authenticate you.

' VB.NET
Using client As New Smtp()
client.Connect("smtp.example.org") ' or ConnectSSL for SSL
client.UseBestLogin("user", "password")
Console.WriteLine("Supported methods:")
For Each method As SmtpAuthenticationMethod In client.SupportedAuthenticationMethods()
Console.WriteLine(method.Name)
Next
Console.WriteLine("Supports CramMD5:")
Dim supportsCramMD5 As Boolean = client.SupportedAuthenticationMethods() _
.Contains(SmtpAuthenticationMethod.CramMD5)
Console.WriteLine(supportsCramMD5)
client.Close()
End Using

In most cases UseBestLogin method is going to chose appropriate authentication method for you and authenticate you.